Description
Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a secure message for the recipient. The text in the e-mail message attempts to convince the recipient to open the attachment and view the message. However, the .zip attachment contains a malicious .exe file that, when executed, attempts to infect the system with malicious code.
E-mail messages that are related to this threat (RuleID5125 and RuleID5125KVR) may contain any of the following files:
SecureMessage.zip
SecureMessage.exe
Secure_Message.zip
Secure_Message.exe
The SecureMessage.exe file in the SecureMessage.zip attachment has a file size of 113,664 bytes. The MD5 checksum, which is a unique identifier of the executable, is the following string: 0xDE9D73A8CD78AC37021366EB7AC6DD46
The Secure_Message.exe file in the Secure_Message.zip attachment has a file size of 113,664 bytes. The MD5 checksum is the following string: 0x8271460BF10315B0891A38E13701C285
The following text section is a sample of the e-mail message that is associated with this threat outbreak:
Subject: You have a new encrypted message from Wells Fargo & Company
Message Body:
Wells Fargo & Company SecureMail
You have received a secure e-mail message from Wells Fargo & Company.
We care about your privacy, Wells Fargo & Company uses this secure way to exchange e-mails containing personal information.
Read your secure message by opening the attachment. You will be prompted to save (download) it to your computer.
If you have concerns about the validity of this message, please contact the sender directly.
First time users - will need to register after opening the attachment.
Are you having trouble reading your message? - Contact Customer Service
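The following added example (not Cisco's code) shows how a mail-gateway or triage script could score an incoming message against the indicators listed in this alert: the lure subject line, the attachment member names, the 113,664-byte size, and the two MD5 checksums. The sample attachment it builds is a constructed zero-filled stand-in with the lure's filename, so only the subject, name and size indicators match while the hash does not.

```python
import hashlib
import io
import zipfile

# Indicators taken from the advisory text above (MD5 strings without the 0x prefix).
KNOWN_NAMES = {"securemessage.exe", "secure_message.exe"}
KNOWN_SIZE = 113_664
KNOWN_MD5 = {
    "de9d73a8cd78ac37021366eb7ac6dd46",  # SecureMessage.exe
    "8271460bf10315b0891a38e13701c285",  # Secure_Message.exe
}
SUBJECT_MARKER = "you have a new encrypted message from wells fargo"
MAX_HASH_BYTES = 10 * 1024 * 1024  # skip hashing oversized members


def check_attachment(subject: str, zip_bytes: bytes) -> dict:
    """Return which advisory indicators match a mail's subject and .zip attachment."""
    result = {"subject": SUBJECT_MARKER in subject.lower(),
              "name": False, "size": False, "md5": False, "entries": []}
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return result  # not a zip archive: nothing more to inspect
    for info in archive.infolist():
        base = info.filename.rsplit("/", 1)[-1].lower()
        if not base.endswith(".exe"):
            continue  # the lure carries an .exe; other members are ignored here
        result["entries"].append(info.filename)
        result["name"] |= base in KNOWN_NAMES
        result["size"] |= info.file_size == KNOWN_SIZE
        if info.file_size <= MAX_HASH_BYTES:
            digest = hashlib.md5(archive.read(info)).hexdigest()
            result["md5"] |= digest in KNOWN_MD5
    return result


def build_sample_zip() -> bytes:
    """Constructed stand-in attachment: a harmless 113,664-byte blob with the lure's filename.
    It is not the malware, so its MD5 will not match the advisory's hashes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("SecureMessage.exe", b"\x00" * KNOWN_SIZE)
    return buf.getvalue()


if __name__ == "__main__":
    print(check_attachment("You have a new encrypted message from Wells Fargo & Company",
                           build_sample_zip()))
```

Because filenames and sizes are trivially changed between campaign waves, treat a name or size match as a triage signal and the MD5 match as the confirming indicator.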
Source: Cisco